8 matches found
EUVD-2022-6373
Malicious code in bioql PyPI...
Prototype Pollution
conf-cfg-ini is vulnerable to prototype pollution. A malicious INI file can be parsed and decoded as it does not protect the properties such as "proto" to pollute the global object prototype...
GHSA-M6MG-JVJF-W44X conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be exploited further depending on the context...
CVE-2020-28441
The CVE-2020-28441 issue affects the package conf-cfg-ini prior to 1.2.2. A malicious INI file parsed by decode can cause prototype pollution, allowing an attacker to pollute the application’s prototype and potentially enable further exploitation depending on context. Affected components: conf-cf...
conf-cfg-ini 安全漏洞
conf-cfg-ini is a package from the individual developer Rolf Loges in Germany. It uses Node.js to encode and decode conf/cfg/ini-Files. A security vulnerability exists in conf-cfg-ini versions prior to 1.2.2, which stems from the fact that this package is susceptible to prototype contamination; i...
PT-2022-8895 · Unknown · Conf-Cfg-Ini
Name of the Vulnerable Software and Affected Versions: conf-cfg-ini versions prior to 1.2.2 Description: The issue arises when an attacker submits a malicious INI file to an application that parses it with decode, resulting in prototype pollution on the application. This can be exploited further...
Prototype Pollution
Overview conf-cfg-ini is an encode and decode ini,conf,cfg files Affected versions of this package are vulnerable to Prototype Pollution. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This can be...